Apple's Dev Center outage attributed to remote code execution issue

A post to Apple's Web Server Notifications webpage shows a research team reported a security threat that coincides with the Developer Center's takedown, suggesting the vulnerability is to blame for the portal's weeks-long outage.

The website, through which Apple gives credit to those who have reported potential threats to its servers, notes that a remote code execution issue was addressed on June 18, the same day Apple's Dev Center was taken offline. As pointed out by TechCrunch, the report notates the problem as being associated with "developer.apple.com," the address of Apple's Developer Center.

Apple offers no further information regarding the remote code execution threat, but does credit "7dscan.com" and "SCANV" of www.knownsec.com for discovering and reporting the issue. 7Dscan.com is also cited as finding another remote code execution issue with Apple's Express Lane tech support service.

The new information runs counter to statements made by researcher Ibrahim Balic, who claimed responsibility for Apple's self-imposed downtime days after the dev portal was pulled. At the time, Balic said he discovered and reported 13 bugs to Apple, along with user details of 73 Apple employees.

Balic is, however, credited as finding an iAd Workbench bug related to an information disclosure issue. The problem was addressed on the day Balic came forward with his claims.

The specifics of Apple's Dev Center downtime have yet to be explained. Apple has revealed little in its subsequent updates to developers, though the company did announce that an "intruder" attempted to glean personal information from a database of registered developer accounts. Sensitive data was encrypted, though Apple could not rule out the possibility that at least some information was accessed.

About one week later, portions of the Dev Center were reactivated as Apple worked to bring the website back online with newly installed safeguards.

The Dev Center was finally brought back online earlier this month after what amounted to a three week downtime.